LiveActive security incident?Get immediate response
CVE Record

CVE-2014-5410: Rockwell Automation Micrologix 1400 Improper Input Validation

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line.

HighCVSS 7.1Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This vulnerability can let an unauthenticated remote actor disrupt affected MicroLogix 1400 controllers by sending malformed DNP3 traffic. The business risk is process disruption, not data theft. Exposure matters most where DNP3 is enabled and reachable over Ethernet or serial paths.

Executive priority

Treat this as a high-priority operational resilience issue for affected control environments. Prioritize plants or remote sites where DNP3 is enabled and reachable, because successful exploitation can disrupt controlled processes.

Technical view

CVE-2014-5410 is improper input validation in the DNP3 feature of Rockwell Automation Allen-Bradley MicroLogix 1400 controllers. Sources describe denial of service from malformed packets over Ethernet or serial. Affected versions include Series A FRN 7 and earlier, and Series B before FRN 15.001.

Likely exposure

Likely exposure is limited to environments using MicroLogix 1400 controllers with DNP3 enabled and reachable. Internet exposure would increase urgency, but the provided sources do not state common internet exposure or specific deployment prevalence.

Exploitation context

The CVE is not listed as CISA KEV in the supplied bundle. The sources support remote denial of service potential, but do not provide evidence of active exploitation, public weaponization, or compromise campaigns.

Researcher notes

Available evidence supports a remote unauthenticated availability impact through malformed DNP3 input. The provided bundle does not include exploit details, active exploitation evidence, or complete remediation text for every affected Series, so validation should stay anchored to vendor and CISA advisories.

Mitigation direction

  • Identify MicroLogix 1400 controllers and record Series and FRN levels.
  • For Series B, update vulnerable firmware to FRN 15.001 or later where applicable.
  • Review Rockwell Automation and CISA guidance for Series A remediation options.
  • Disable DNP3 where it is not operationally required.
  • Restrict DNP3 access to trusted ICS paths only.

Validation and detection

  • Inventory controllers and confirm exact Series, catalog family, and FRN version.
  • Verify whether DNP3 is enabled on each controller.
  • Check whether DNP3 is reachable over Ethernet or serial links.
  • Confirm firmware status against Rockwell Automation and CISA advisories.
  • Review monitoring for unexpected controller resets or process disruptions.
Prepared
Confidence
high
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2014-5410 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.1 (2.0)
Known Exploited
No
Published

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
5Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.1CVSS 2.0HighAV:N/AC:M/Au:N/C:N/I:N/A:C8.66.9Primary CVE score

Vulnerability scoring details

Base CVSS 2.0 score

7.1High
CVSS 2.0 vector shape for CVE-2014-5410Access VectorAccess ComplexityAuthenticationConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector
NetworkAdjacentLocal
Access Complexity
LowMediumHigh
Authentication
NoneSingleMultiple
Confidentiality Impact
CompletePartialNone
Integrity Impact
CompletePartialNone
Availability Impact
CompletePartialNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Rockwell AutomationAllen-Bradley MicroLogix 14000, 0, Series B FRN 15.001 or higherunaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.